Vulnerability Description
Gitea version prior to version 1.5.1 contains a CWE-200 vulnerability that can result in Exposure of users private email addresses. This attack appear to be exploitable via Watch a repository to receive email notifications. Emails received contain the other recipients even if they have the email set as private. This vulnerability appears to have been fixed in 1.5.1.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gitea | Gitea | < 1.5.1 |
Related Weaknesses (CWE)
References
- https://github.com/go-gitea/gitea/pull/4664PatchThird Party Advisory
- https://github.com/go-gitea/gitea/pull/4664/files#diff-146e0c2b5bb1ea96c9fb73d50PatchThird Party Advisory
- https://github.com/go-gitea/gitea/pull/4664PatchThird Party Advisory
- https://github.com/go-gitea/gitea/pull/4664/files#diff-146e0c2b5bb1ea96c9fb73d50PatchThird Party Advisory
FAQ
What is CVE-2018-1000803?
CVE-2018-1000803 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Gitea version prior to version 1.5.1 contains a CWE-200 vulnerability that can result in Exposure of users private email addresses. This attack appear to be exploitable via Watch a repository to recei...
How severe is CVE-2018-1000803?
CVE-2018-1000803 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1000803?
Check the references section above for vendor advisories and patch information. Affected products include: Gitea Gitea.